﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Cxx.Common
{
    public class MyWebHelper
    {
        /// <summary>
        /// 遍历容器(查询条)中控件,生成查询条件字符串
        /// </summary>
        /// <param name="panel">Panel控件</param>
        /// <param name="msg"></param>
        /// <returns>查询条件字符串</returns>
        public static string SelectKey(Control panel, out string msg)
        {
            string key = "";
            msg = string.Empty;
            //将查询条中的各表单元素名称和值连接成字符串
            foreach (Control control in panel.Controls)
            {
                switch (control.ToString())
                {
                    case "System.Web.UI.WebControls.TextBox":

                        TextBox myTextBox = (TextBox)control;

                        if (!string.IsNullOrEmpty(myTextBox.Text))
                        {
                            string myText = string.Empty;
                            if (myTextBox.ID.Equals("txtStartTime"))
                            {
                                bool result = DateTime.TryParse(myTextBox.Text, out var dateTime);
                                if (!result)
                                {
                                    msg = "日期转换失败";
                                }
                                myText = dateTime.ToString("yyyy-MM-dd HH:mm:ss");
                            }
                            if (myTextBox.ID.Equals("txtEndTime"))
                            {
                                bool result = DateTime.TryParse(myTextBox.Text, out var dateTime);
                                if (!result)
                                {
                                    msg = "日期转换失败";
                                }
                                dateTime = dateTime.AddDays(1).AddSeconds(-1);
                                myText = dateTime.ToString("yyyy-MM-dd HH:mm:ss");
                            }
                            string resultText = string.IsNullOrWhiteSpace(myText) ? myTextBox.Text.Trim() : myText;
                            key += myTextBox.ID + "=" + Regex.Replace(resultText, "[?=|{}]", "") + "|";
                        }
                        break;
                    case "System.Web.UI.WebControls.DropDownList":

                        DropDownList myDropDownList = (DropDownList)control;

                        if (!string.IsNullOrEmpty(myDropDownList.SelectedValue))
                        {
                            key += myDropDownList.ID + "=" + Regex.Replace(myDropDownList.SelectedValue, "[?=|{}]", "") + "|";
                        }
                        break;
                    case "System.Web.UI.WebControls.HiddenField":
                        HiddenField myHiddenField = (HiddenField)control;

                        if (!string.IsNullOrEmpty(myHiddenField.Value))
                        {
                            key += myHiddenField.ID + "=" + Regex.Replace(myHiddenField.Value, "[?=|{}]", "") + "|";
                        }
                        break;
                    case "System.Web.UI.WebControls.RadioButtonList":
                        RadioButtonList myRadioButtonList = (RadioButtonList)control;

                        if (!string.IsNullOrEmpty(myRadioButtonList.SelectedValue))
                        {
                            key += myRadioButtonList.ID + "=" + Regex.Replace(myRadioButtonList.SelectedValue, "[?=|{}]", "") + "|";
                        }
                        break;
                }
            }
            key = StripSqlInjection(key);
            // 去除最后一个分隔符,并在两边加上大括号
            if (!string.IsNullOrEmpty(key))
            {
                key = "{" + key.TrimEnd('|') + "}";
            }
            if (IsExistBadStr(key))
            {
                msg = "查询条件存在非法字符，请检查后重新提交";
            }

            return key;
        }

        /// <summary>  
        /// 删除SQL注入特殊字符  
        /// 解然 20070622加入对输入参数sql为Null的判断  
        /// </summary>  
        public static string StripSqlInjection(string sql)
        {
            if (!string.IsNullOrEmpty(sql))
            {
                //过滤 ' --  
                string pattern1 = @"(\%27)|(\')|(\-\-)";

                //防止执行 ' or  
                string pattern2 = @"((\%27)|(\'))\s*((\%6F)|o|(\%4F))((\%72)|r|(\%52))";

                //防止执行sql server 内部存储过程或扩展存储过程  
                string pattern3 = @"\s+exec(\s|\+)+(s|x)p\w+";

                sql = Regex.Replace(sql, pattern1, string.Empty, RegexOptions.IgnoreCase);
                sql = Regex.Replace(sql, pattern2, string.Empty, RegexOptions.IgnoreCase);
                sql = Regex.Replace(sql, pattern3, string.Empty, RegexOptions.IgnoreCase);
            }
            return sql;
        }

        /// <summary>  
        ///  判断是否有非法字符
        /// </summary>  
        /// <param name="strString"></param>  
        /// <returns>返回TRUE表示有非法字符，返回FALSE表示没有非法字符。</returns>  
        public static bool IsExistBadStr(string strString)
        {
            bool outValue = false;
            if (strString != null && strString.Length > 0)
            {
                string[] badStrlist = new string[22];
                badStrlist[0] = "'";
                badStrlist[1] = ";";
                badStrlist[2] = ":";
                badStrlist[3] = "%";
                badStrlist[4] = "@";
                badStrlist[5] = "&";
                badStrlist[6] = "#";
                badStrlist[7] = "\"";
                badStrlist[8] = "net user";
                badStrlist[9] = "exec";
                badStrlist[10] = "net localgroup";
                badStrlist[11] = "select";
                badStrlist[12] = "asc";
                badStrlist[13] = "char";
                badStrlist[14] = "mid";
                badStrlist[15] = "insert";
                badStrlist[16] = "order";
                badStrlist[17] = "exec";
                badStrlist[18] = "delete";
                badStrlist[19] = "drop";
                badStrlist[20] = "truncate";
                badStrlist[21] = "xp_cmdshell";
                //badStrlist[25] = "<";
                //badStrlist[26] = ">";
                string tempStr = strString.ToLower();
                for (int i = 0; i < badStrlist.Length; i++)
                {
                    if (tempStr.IndexOf(badStrlist[i]) != -1)
                    //if (tempStr == bidStrlist[i])  
                    {
                        outValue = true;
                        break;
                    }
                }
            }
            return outValue;
        }
    }
}
